It is public key cryptography. You give websites your public key, and keep your private key hidden. When you sign in to a website, they send you a nonce. You then digitally sign the nonce with your private key. They verify that the signature was signed with your private key, allowing you to log in.
There is no private info (aka a password) going out in public so you don't have to trust anyone to keep your password secret.
It greatly reduces the attack surface of logging in, but the attack surface is moved to the weakest part of the system, aka the user.
stonemetal12|1 year ago
whstl|1 year ago
This is similar to how SSH or git operate when you disable passwords and use keys in ~/.ssh, for example.
You can store the private keys in YubiKeys or in password managers.
badgersnake|1 year ago